This course is delivered over 60 hours.
On completion of this course the students should be able to:
A. Understand the common security threats to information systems in organisations.
B. Analyse and assess the risk exposure of particular assets to particular threats.
C. Justify the choice of appropriate controls to deal with risks.
D. Critically appraise the use of audit techniques to ensure appropriate use of controls.
E. Implement a practical audit strategy to identify, analyse and manage security risks in an active IT environment.
Risk Management: ALE (annualised loss expectancy), life-cycle, outsourcing, CRAMM.
Audit Process: Planning, Fieldwork, Solution-development, Reporting.
Audit Methods: checklists, observation, interview, CAATs (computer-assisted audit techniques), peer/self/full audits, internal/external audits.
Asset security audits: Hardware, Software, Data, Network Audits.
Systems security audits: HR, BCP, SDLC.
IT Governance – Frameworks & Standards: ITIL, COBIT, COSO, ISO 27001, NSA INFOSEC.
IT Governance – Regulations: Sarbanes-Oxley, HIPAA, Basel II, PCI DSS, Data Protection.
Professional Issues: ISACA Code of Conduct; CISA, QiCA, CISM, CISSP Qualifications.
Concepts will be introduced in lectures; practical exercises and problem solving will be done in tutorials.
Student time will be: Lecture – 2/3, Tutorial – 1/3.
Coursework – 50%
Perform an individual practical audit and write it up.
Learning Outcomes: E.
Examination – 50%
2 hours. Closed book.
Learning Outcomes: A, B, C, D.